qt6-qtwebengine: updated to 6.11.0
The 6.11 release for Qt Framework is now available, with improved performance,
newly supported techniques and capabilities on graphics, connectivity and
languages, not to mention a whole new approach to asynchronous C++ coding. Take
a closer look.
https://www.qt.io/blog/qt-6.11-released
qt6: updated to 6.11.0
The 6.11 release for Qt Framework is now available, with improved performance,
newly supported techniques and capabilities on graphics, connectivity and
languages, not to mention a whole new approach to asynchronous C++ coding. Take
a closer look.
https://www.qt.io/blog/qt-6.11-released
Enable __USE_TOPDOWN_VM; this was set on sun2 and sun3, but somehow
forgotten on the rest of m68k. (Seriously, why is this even optional?)
Tested on both Utah and new pmap.
inetutils: update to 2.8.
# Noteworthy changes in release 2.8 (2026-04-29) [stable]
** telnetd no longer supports the --debug (-D) option. Previously, it
would open a predictable file name at /tmp/telnet.debug, following it if
it were a symbolic link. The data printed to it could also be
controlled by a client. These behaviors could be combined to result in
a local privilege escalation. Reported by Justin Swartz in
<https://lists.gnu.org/r/bug-inetutils/2026-03/msg00040.html>.
Guillem Jover also mentioned that another user can create the file
before telnetd does, keep the file open, and snoop on sessions which may
include credentials in
<https://lists.gnu.org/r/bug-inetutils/2026-03/msg00048.html>.
** telnet no longer leaks the value of unexported environment variables
to servers sending the NEW-ENVIRON SEND USERVAR command.
Reported by Justin Swartz in
<https://www.openwall.com/lists/oss-security/2026/03/13/1>.
[55 lines not shown]
gnutls: update to 3.8.13.
* Version 3.8.13 (released 2026-04-29)
** libgnutls: Add more checks to DTLS reassembly
Previously, gnutls didn't check that DTLS fragments claimed
a consistent message_length value.
Additionally, a crucial array size check was missing,
enabling an attacker to cause a heap overwrite.
Reject fragments with mismatching length and add a missing boundary check.
Independently reported by
Haruto Kimura (Stella), Oscar Reparaz and Zou Dikai.
[GNUTLS-SA-2026-04-29-1, CVSS: high] [CVE-2026-33846]
** libgnutls: Fix qsort comparator in DTLS reassembly
The comparator function used for ordering DTLS packets
by sequence numbers did not follow qsort comparator contracts
in case of packets with duplicate sequence numbers,
which could lead to unstable ordering or undefined behaviour.
[197 lines not shown]
x68k: Initialize d_bbsize and d_sbsize on the disklabel always.
These values are for (old) FFS, so it didn't make sense to initialize
only when the BSD disklabel was missing and the Human68k partition existed.
This avoids disklabel(8)'s warnings:
disklabel: boot block size 0
disklabel: super block size 0
Inspired from PR install/59600.
lcms2: update to 2.19.
All tests pass.
-----------------------
2.19 Featured release
-----------------------
CMake build system. Thanks to Vlad Erium for the initial implementation and kmilos for improvements.
Large files support to use profiles up to 4Gb
Black point compensation works on multi-channel profiles
Added more test platforms/architectures in GitHub tests, Cygwin and MSYS are now fully checked.
jpgicc banner is not shown on normal operation, only when help is requested.
Added a way to access internal transform pipelines. For read only.
Add a way to retrieve the CMM signature
Added extra checks on postscript undocumented functions
Added guard on integer overflow when reading .cube files
Added unneeded checks as a try to get rid of spam reports about "vulnerabilities" that are not real.
Utility program names generated by Visual Studio 2026 are now same as all other platforms.
Creating an output profile by cmsTransform2DeviceLink does not propagate correctly the colorant table. Fixed.
[51 lines not shown]
sysinst/x68k: Remove unnecessary conditions in md_disklabe_is_default().
lp->d_bbsize and lp->d_sbsize should be constants (this is probably another
bug) and should not be part of this check.
Fix PR install/59600
Should be pulled up -10 and -11.
Centralize the definition of VM_MIN_ADDRESS, VM_MAX_ADDRESS/VM_MAXUSER_ADDRESS,
and USRSTACK. While here, get rid of the "must be compatible with HP-UX
debuggers" affordance which, really, has outlived its usefulness (and not
all platforms adopted this in any case). Also, since we haven't had "u."
in about a million years, there's also no need to have UPAGES worth of
virtual space above the user stack, so just tuck it right up against
the ceiling everywhere.
Odd-ball is Amiga because it previously had a USRSTACK totally unlike
the others, so I left it that way for now.
sgimips: early initialisation of mach_subtype for SGI Indy / Indigo2
The mach_subtype field is needed early in boot for dev/int.c (the 8254
in the IO block) and other bits and pieces like GIO bus config.
So set it up super early here.
This allows my Indigo 2 R4400PC-150 to boot - slowly until the int driver
enumerates, but that's separate problem I'll dig into.
I also verified my R5000PC-180 Indy boots with this.
This addresses PR port-sgimips/60205 .
sgimips: delete dead code for IP32 console keyboard
The IP32 console keyboard controller is not a PC/AT style 8042
controller. It is a PS/2 controller though. Let it attach
normally, not through here.
